diff options
| author | tb <> | 2022-02-05 18:18:18 +0000 |
|---|---|---|
| committer | tb <> | 2022-02-05 18:18:18 +0000 |
| commit | 853bb6e844ee6365e958fc2e64686a6fdd24459c (patch) | |
| tree | 26b86cb618fa624cd2a6c747425dd6207aa32c42 /src/lib/libssl/s3_lib.c | |
| parent | c7cd75e51d33708442e984b9b2e0ef9c09472ae7 (diff) | |
| download | openbsd-853bb6e844ee6365e958fc2e64686a6fdd24459c.tar.gz openbsd-853bb6e844ee6365e958fc2e64686a6fdd24459c.tar.bz2 openbsd-853bb6e844ee6365e958fc2e64686a6fdd24459c.zip | |
Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_
OpenSSL chose to break the previous naming convention for ciphers and
to adopt TLS_* "RFC" names instead. Unfortunately, these names are
exposed in several APIs and some language bindings test for these
non-standard names instead of cipher values, which is ... unfortunate
(others would say "plain crazy").
We currently have to maintain patches in regress and ports (p5-Net-SSLeay,
openssl-ruby-tests - which means that Ruby will pick this up at some point)
to work around this difference and that's just not worth the effort.
The old AEAD- names will become aliases and continue to work, but in
openssl ciphers and netcat output the TLS_* names will now be displayed.
"I would be very happy if this gets committed" bluhm
ok beck inoguchi, begrudgingly ok jsing
Diffstat (limited to 'src/lib/libssl/s3_lib.c')
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 916ed4935c..683a550ad8 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.226 2022/02/05 14:54:10 jsing Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.227 2022/02/05 18:18:18 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -882,7 +882,7 @@ const SSL_CIPHER ssl3_ciphers[] = { | |||
| 882 | /* Cipher 1301 */ | 882 | /* Cipher 1301 */ |
| 883 | { | 883 | { |
| 884 | .valid = 1, | 884 | .valid = 1, |
| 885 | .name = TLS1_3_TXT_AES_128_GCM_SHA256, | 885 | .name = TLS1_3_RFC_AES_128_GCM_SHA256, |
| 886 | .id = TLS1_3_CK_AES_128_GCM_SHA256, | 886 | .id = TLS1_3_CK_AES_128_GCM_SHA256, |
| 887 | .algorithm_mkey = SSL_kTLS1_3, | 887 | .algorithm_mkey = SSL_kTLS1_3, |
| 888 | .algorithm_auth = SSL_aTLS1_3, | 888 | .algorithm_auth = SSL_aTLS1_3, |
| @@ -898,7 +898,7 @@ const SSL_CIPHER ssl3_ciphers[] = { | |||
| 898 | /* Cipher 1302 */ | 898 | /* Cipher 1302 */ |
| 899 | { | 899 | { |
| 900 | .valid = 1, | 900 | .valid = 1, |
| 901 | .name = TLS1_3_TXT_AES_256_GCM_SHA384, | 901 | .name = TLS1_3_RFC_AES_256_GCM_SHA384, |
| 902 | .id = TLS1_3_CK_AES_256_GCM_SHA384, | 902 | .id = TLS1_3_CK_AES_256_GCM_SHA384, |
| 903 | .algorithm_mkey = SSL_kTLS1_3, | 903 | .algorithm_mkey = SSL_kTLS1_3, |
| 904 | .algorithm_auth = SSL_aTLS1_3, | 904 | .algorithm_auth = SSL_aTLS1_3, |
| @@ -914,7 +914,7 @@ const SSL_CIPHER ssl3_ciphers[] = { | |||
| 914 | /* Cipher 1303 */ | 914 | /* Cipher 1303 */ |
| 915 | { | 915 | { |
| 916 | .valid = 1, | 916 | .valid = 1, |
| 917 | .name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, | 917 | .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256, |
| 918 | .id = TLS1_3_CK_CHACHA20_POLY1305_SHA256, | 918 | .id = TLS1_3_CK_CHACHA20_POLY1305_SHA256, |
| 919 | .algorithm_mkey = SSL_kTLS1_3, | 919 | .algorithm_mkey = SSL_kTLS1_3, |
| 920 | .algorithm_auth = SSL_aTLS1_3, | 920 | .algorithm_auth = SSL_aTLS1_3, |